Working mod_shared_roster_ldap with Active Directory Configuration

After much time staring at documentation and forum posts, I have managed to successfully populate a user's roster using mod_shared_roster_ldap with Active Directory.

The process is quick and appears to work well, with a few caveats. With everything configured, I noticed I had some presence issues. More specifically, if I added a user that was not within any of the LDAP groups, the authorization was never sent. This occurred across several clients: iChat, Spark, Adium, and Pidgin.

Also, the LDAP groups are populated across all users that can authenticate to the Jabber server. This is not something we want for our organization, so we ended up using mod_shared_roster with manual groups, but with scripts that monitor the LDAP groups and update the shared roster as needed, using the ejabberdctl command with the mod_admin_extra module. I do not know if there is a way to do the displayed groups functionality with mod_shared_roster_ldap, but if someone knows how then please let me know!

The above configurations will obviously need to be modified to fit your organization, especially the ldap_*filter parameters. Our organization looks for the groups based on "JabberRosterGroup" being in the info field.
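The LDAP-to-manual-group sync mentioned in the post, as an added example that is not the poster's script: it plans the mod_admin_extra `srg_user_add` / `srg_user_del` calls needed to make a shared roster group match an AD group, and refuses to proceed when the LDAP result would remove most of the group. The host `example.org`, the group name, the 50% threshold and the sample data are assumptions; the LDAP query itself is left out.

```python
"""Plan ejabberdctl calls that bring a manual shared roster group in line with an AD group."""

HOST = "example.org"  # assumed XMPP virtual host


def parse_members(srg_output):
    """Parse `ejabberdctl srg_get_members GROUP HOST` output (one JID per line).

    Special members such as @all@ start with "@" and are skipped so they are left untouched.
    """
    lines = (line.strip().lower() for line in srg_output.splitlines())
    return {jid for jid in lines if jid and not jid.startswith("@")}


def plan_sync(group, ldap_users, srg_output, host=HOST, max_removal_ratio=0.5):
    """Return ejabberdctl argv lists that make `group` match `ldap_users`.

    ldap_users: account names read from the AD group by the caller.
    Raises RuntimeError when more than max_removal_ratio of the current members
    would be removed, which usually means the LDAP lookup failed or returned a
    partial result rather than that everyone left the group.
    """
    wanted = {f"{u.strip().lower()}@{host}" for u in ldap_users if u.strip()}
    current = parse_members(srg_output)
    to_add = sorted(wanted - current)
    to_del = sorted(current - wanted)
    if current and len(to_del) / len(current) > max_removal_ratio:
        raise RuntimeError(
            f"refusing to remove {len(to_del)} of {len(current)} members from {group}")
    cmds = []
    for action, jids in (("srg_user_add", to_add), ("srg_user_del", to_del)):
        for jid in jids:
            user, jid_host = jid.split("@", 1)
            # Argument order: user, user's host, group, group's host
            cmds.append(["ejabberdctl", action, user, jid_host, group, host])
    return cmds


# Constructed sample data, not taken from a real server or directory
SAMPLE_SRG_OUTPUT = "alice@example.org\nbob@example.org\ncarol@example.org\n@all@\n"
SAMPLE_LDAP_USERS = ["Alice", "carol", "dave"]

if __name__ == "__main__":
    for argv in plan_sync("engineering", SAMPLE_LDAP_USERS, SAMPLE_SRG_OUTPUT):
        print(" ".join(argv))  # pass argv to subprocess.run(argv, check=True) to apply
```

Run it from cron or a timer with the planned commands logged before they are applied, so unexpected roster changes can be traced back to a directory change.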